geoffc;2139607 Wrote:
> On 9/20/2011 11:46 AM, 42sd wrote:
>
> The docs explain how, and I excerpted that into an article:
>
> 'Calling Stored Procedures with the IDM JDBC Driver | Novell User
> Communities'
> (http://www.novell.com/communities/no...dm-jdbc-driver)
> 'Using the JDBC Driver and Direct SQL | Novell User Communities'
> (http://www.novell.com/communities/no...and-direct-sql)



Sorry to resurrect this thread, but I have a very similar problem to
the original poster and I didn't see anything in the JDBC driver
documentation or in the two articles posted above that addresses the issue.

I need to send a custom query to the database, and I am also concerned
about the possibility of a SQL injection attack. Using the
<jdbc:statement> with a <jdbc:sql> element is not satisfactory because
it sends a dynamic query to the database using the
java.sql.Statement.executeQuery(String sql) method, which is vulnerable
to SQL injection attacks. Like the OP, using <jdbc:call-procedure> or
<jdbc:call-function> is also not an option because they can only be used
to invoke stored procedures or functions in the database, and in my case
getting a custom stored procedure or function added to the database just
to facilitate IDM syncing is not going to happen.

Ideally I would like to be able to just create a prepared statement,
populate the parameters with appropriate values and have the driver
execute the corresponding java.sql.PreparedStatement.executeQuery().

I imagine having something in the policy looking similar to:

<jdbc:prepared-statement>
<jdbc:sql>select a1, a2 from table where b1 = ? and b2 = ?</jdbc:sql>
<jdbc:param><jdbc:value>b1Value</jdbc:value></jdbc:param>
<jdbc:param><jdbc:value>b2Value</jdbc:value></jdbc:param>
</jdbc:prepared-statement>

Is there any way that I can achieve the intent of what I've written
above with the current JDBC driver?

Regards

Wade


--
wcatlyn
View this thread: http://forums.novell.com/showthread.php?t=445012
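
The difference the post describes, shown at the java.sql level as an added example; it is not part of the original post and is not IDM driver code. The table name sync_src, the sample rows, the quoted sample value and the in-memory JDBC URL (an H2 driver on the classpath) are assumptions made for the illustration.

```java
import java.sql.*;

// Added illustration; table name, sample rows and JDBC URL are constructed.
public class PreparedVsDynamic {

    // Dynamic SQL: the values become part of the statement text.
    static int countDynamic(Connection c, String b1, String b2) throws SQLException {
        String sql = "select a1, a2 from sync_src where b1 = '" + b1 + "' and b2 = '" + b2 + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return count(rs);
        }
    }

    // Prepared statement: the statement text is fixed, values are bound as data.
    static int countPrepared(Connection c, String b1, String b2) throws SQLException {
        String sql = "select a1, a2 from sync_src where b1 = ? and b2 = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, b1);
            ps.setString(2, b2);
            try (ResultSet rs = ps.executeQuery()) {
                return count(rs);
            }
        }
    }

    static int count(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) n++;
        return n;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: an in-memory database whose JDBC driver is on the classpath.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        try (Connection c = DriverManager.getConnection(url);
             Statement ddl = c.createStatement()) {
            ddl.executeUpdate("create table sync_src (a1 varchar(20), a2 varchar(20), b1 varchar(20), b2 varchar(40))");
            ddl.executeUpdate("insert into sync_src values ('alice', 'hr', 'k1', 'v1')");
            ddl.executeUpdate("insert into sync_src values ('bob', 'it', 'k2', 'v2')");

            String quoted = "x' or '1'='1";  // constructed attribute value containing a quote
            System.out.println("dynamic,  normal : " + countDynamic(c, "k1", "v1"));
            System.out.println("prepared, normal : " + countPrepared(c, "k1", "v1"));
            System.out.println("dynamic,  quoted : " + countDynamic(c, "k1", quoted));
            System.out.println("prepared, quoted : " + countPrepared(c, "k1", quoted));
        }
    }
}
```

With the quoted value, the dynamic form's WHERE clause changes shape because the value is parsed as SQL, while the prepared form compares the whole string against b2 as data.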